From a36558dada194acaaa5920fd91b7d74c25ddb70c Mon Sep 17 00:00:00 2001 From: Mark Phelps Date: Sat, 3 Jul 2021 10:11:32 -0400 Subject: [PATCH 1/2] Try building IT image --- .github/actions/integration-test/action.yml | 10 +- .github/workflows/benchmark.yml | 67 ++++++------- .github/workflows/database-test.yml | 88 ++++++++-------- .github/workflows/integration-test-image.yml | 51 ++++++++++ .github/workflows/integration-test.yml | 100 +++++++++---------- .github/workflows/release.yml | 47 +++++---- .github/workflows/test.yml | 60 +++++------ Dockerfile.it | 23 +++++ test/{api => api.sh} | 0 test/{cli => cli.bats} | 0 test/{ui => ui.sh} | 0 11 files changed, 259 insertions(+), 187 deletions(-) create mode 100644 .github/workflows/integration-test-image.yml create mode 100644 Dockerfile.it rename test/{api => api.sh} (100%) rename test/{cli => cli.bats} (100%) rename test/{ui => ui.sh} (100%) diff --git a/.github/actions/integration-test/action.yml b/.github/actions/integration-test/action.yml index cbb14248d2..52c14114f7 100644 --- a/.github/actions/integration-test/action.yml +++ b/.github/actions/integration-test/action.yml @@ -1,12 +1,12 @@ # action.yml -name: 'Flipt IT Tests' -description: 'Container for running Flipt ITs' +name: "Flipt IT Tests" +description: "Container for running Flipt ITs" inputs: - args: # id of input + args: # id of input description: args to pass to container' required: true runs: - using: 'docker' - image: 'Dockerfile' + using: "docker" + image: "docker://ghcr.io/markphelps/flipt-integration-test" args: - ${{ inputs.args }} diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 827deb79cd..aa3ce77494 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -2,9 +2,9 @@ name: Benchmark on: pull_request: paths-ignore: - - '*.md' - - '*.yml' - - '.all-contributorsrc' + - "*.md" + - "*.yml" + - ".all-contributorsrc" jobs: benchmark: @@ -15,8 +15,8 @@ jobs: postgres: image: postgres@sha256:c132d7802dcc127486a403fb9e9a52d9df2e3ab84037c5de8395ed6ba2743e20 ports: - # will assign a random free host port - - 5432/tcp + # will assign a random free host port + - 5432/tcp # needed because the postgres container does not provide a healthcheck options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 env: @@ -27,8 +27,8 @@ jobs: mysql: image: mysql@sha256:a31a277d8d39450220c722c1302a345c84206e7fd4cdb619e7face046e89031d ports: - # will assign a random free host port - - 3306/tcp + # will assign a random free host port + - 3306/tcp env: MYSQL_DATABASE: flipt_test MYSQL_USER: mysql @@ -36,38 +36,37 @@ jobs: MYSQL_ALLOW_EMPTY_PASSWORD: true steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 - with: - go-version: '1.16.x' + - uses: actions/setup-go@v2 + with: + go-version: "1.16.x" - - id: go-cache-paths - run: | - echo "::set-output name=go-build::$(go env GOCACHE)" - echo "::set-output name=go-mod::$(go env GOMODCACHE)" + - id: go-cache-paths + run: | + echo "::set-output name=go-build::$(go env GOCACHE)" + echo "::set-output name=go-mod::$(go env GOMODCACHE)" - - name: Checkout - uses: actions/checkout@v2 + - name: Checkout + uses: actions/checkout@v2 - - name: Go Build Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go-cache-paths.outputs.go-build }} - key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} + - name: Go Build Cache + uses: actions/cache@v2 + with: + path: ${{ steps.go-cache-paths.outputs.go-build }} + key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} - - name: Go Mod Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go-cache-paths.outputs.go-mod }} - key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} + - name: Go Mod Cache + uses: actions/cache@v2 + with: + path: ${{ steps.go-cache-paths.outputs.go-mod }} + key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} - - name: Benchmark (SQLite) - run: go test -bench=. ./... -run=XXX -v + - name: Benchmark (SQLite) + run: go test -bench=. ./... -run=XXX -v - - name: Benchmark (Postgres) - run: DB_URL="postgres://postgres:password@localhost:${{ job.services.postgres.ports['5432'] }}/flipt_test?sslmode=disable" go test -bench=. ./... -run=XXX -v - - - name: Benchmark (MySQL) - run: DB_URL="mysql://mysql:password@localhost:${{ job.services.mysql.ports['3306'] }}/flipt_test" go test -bench=. ./... -run=XXX -v + - name: Benchmark (Postgres) + run: DB_URL="postgres://postgres:password@localhost:${{ job.services.postgres.ports['5432'] }}/flipt_test?sslmode=disable" go test -bench=. ./... -run=XXX -v + - name: Benchmark (MySQL) + run: DB_URL="mysql://mysql:password@localhost:${{ job.services.mysql.ports['3306'] }}/flipt_test" go test -bench=. ./... -run=XXX -v diff --git a/.github/workflows/database-test.yml b/.github/workflows/database-test.yml index c14079dde9..7604165397 100644 --- a/.github/workflows/database-test.yml +++ b/.github/workflows/database-test.yml @@ -2,9 +2,9 @@ name: Database Tests on: pull_request: paths-ignore: - - '*.md' - - '*.yml' - - '.all-contributorsrc' + - "*.md" + - "*.yml" + - ".all-contributorsrc" jobs: ## Postgres Tests @@ -16,8 +16,8 @@ jobs: postgres: image: postgres@sha256:c132d7802dcc127486a403fb9e9a52d9df2e3ab84037c5de8395ed6ba2743e20 ports: - # will assign a random free host port - - 5432/tcp + # will assign a random free host port + - 5432/tcp # needed because the postgres container does not provide a healthcheck options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 env: @@ -26,34 +26,34 @@ jobs: POSTGRES_PASSWORD: password steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 - with: - go-version: '1.16.x' + - uses: actions/setup-go@v2 + with: + go-version: "1.16.x" - - id: go-cache-paths - run: | - echo "::set-output name=go-build::$(go env GOCACHE)" - echo "::set-output name=go-mod::$(go env GOMODCACHE)" + - id: go-cache-paths + run: | + echo "::set-output name=go-build::$(go env GOCACHE)" + echo "::set-output name=go-mod::$(go env GOMODCACHE)" - - name: Checkout - uses: actions/checkout@v2 + - name: Checkout + uses: actions/checkout@v2 - - name: Go Build Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go-cache-paths.outputs.go-build }} - key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} + - name: Go Build Cache + uses: actions/cache@v2 + with: + path: ${{ steps.go-cache-paths.outputs.go-build }} + key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} - - name: Go Mod Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go-cache-paths.outputs.go-mod }} - key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} + - name: Go Mod Cache + uses: actions/cache@v2 + with: + path: ${{ steps.go-cache-paths.outputs.go-mod }} + key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} - - name: Unit Test (Postgres) - run: DB_URL="postgres://postgres:password@localhost:${{ job.services.postgres.ports['5432'] }}/flipt_test?sslmode=disable" go test -count=1 -v ./... + - name: Unit Test (Postgres) + run: DB_URL="postgres://postgres:password@localhost:${{ job.services.postgres.ports['5432'] }}/flipt_test?sslmode=disable" go test -count=1 -v ./... ## MySQL Tests mysql: @@ -64,8 +64,8 @@ jobs: mysql: image: mysql@sha256:a31a277d8d39450220c722c1302a345c84206e7fd4cdb619e7face046e89031d ports: - # will assign a random free host port - - 3306/tcp + # will assign a random free host port + - 3306/tcp env: MYSQL_DATABASE: flipt_test MYSQL_USER: mysql @@ -73,21 +73,21 @@ jobs: MYSQL_ALLOW_EMPTY_PASSWORD: true steps: - - name: Setup Go - uses: actions/setup-go@v2 - with: - go-version: '1.16.x' - id: go + - name: Setup Go + uses: actions/setup-go@v2 + with: + go-version: "1.16.x" + id: go - - name: Checkout - uses: actions/checkout@v2 + - name: Checkout + uses: actions/checkout@v2 - - name: Restore Cache - uses: actions/cache@v1 - id: cache - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-${{ hashFiles('**/go.sum') }} + - name: Restore Cache + uses: actions/cache@v1 + id: cache + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-${{ hashFiles('**/go.sum') }} - - name: Unit Test (MySQL) - run: DB_URL="mysql://mysql:password@localhost:${{ job.services.mysql.ports['3306'] }}/flipt_test" go test -count=1 -v ./... + - name: Unit Test (MySQL) + run: DB_URL="mysql://mysql:password@localhost:${{ job.services.mysql.ports['3306'] }}/flipt_test" go test -count=1 -v ./... diff --git a/.github/workflows/integration-test-image.yml b/.github/workflows/integration-test-image.yml new file mode 100644 index 0000000000..4d1c051e8d --- /dev/null +++ b/.github/workflows/integration-test-image.yml @@ -0,0 +1,51 @@ +name: Build/Push Integration Test Image +on: + push: + paths: + - "test/**" + - "Dockerfile.it" + workflow_dispatch: + +jobs: + docker: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to GHCR + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and Push + uses: docker/build-push-action@v2 + with: + context: . + file: Dockerfile.it + push: true + tags: ghcr.io/markphelps/flipt-integration-test:latest + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + # This ugly bit is necessary if you don't want your cache to grow forever + # till it hits GitHub's limit of 5GB. + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 3a65554d9a..e0d2fafdad 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -2,9 +2,9 @@ name: Integration Tests on: pull_request: paths-ignore: - - '*.md' - - '*.yml' - - '.all-contributorsrc' + - "*.md" + - "*.yml" + - ".all-contributorsrc" jobs: ## Integration Tests @@ -15,62 +15,62 @@ jobs: timeout-minutes: 20 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v2 - - uses: actions/setup-go@v2 - with: - go-version: '1.16.x' + - uses: actions/setup-go@v2 + with: + go-version: "1.16.x" - - uses: actions/setup-node@v2.1.5 - with: - node-version: '14' + - uses: actions/setup-node@v2.1.5 + with: + node-version: "14" - - id: go-cache-paths - run: | - echo "::set-output name=go-build::$(go env GOCACHE)" - echo "::set-output name=go-mod::$(go env GOMODCACHE)" + - id: go-cache-paths + run: | + echo "::set-output name=go-build::$(go env GOCACHE)" + echo "::set-output name=go-mod::$(go env GOMODCACHE)" - - name: Checkout - uses: actions/checkout@v2 + - name: Checkout + uses: actions/checkout@v2 - - name: Go Build Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go-cache-paths.outputs.go-build }} - key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} + - name: Go Build Cache + uses: actions/cache@v2 + with: + path: ${{ steps.go-cache-paths.outputs.go-build }} + key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} - - name: Go Mod Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go-cache-paths.outputs.go-mod }} - key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} + - name: Go Mod Cache + uses: actions/cache@v2 + with: + path: ${{ steps.go-cache-paths.outputs.go-mod }} + key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} - - name: Get yarn cache directory path - id: yarn-cache-dir-path - run: echo "::set-output name=dir::$(yarn cache dir)" + - name: Get yarn cache directory path + id: yarn-cache-dir-path + run: echo "::set-output name=dir::$(yarn cache dir)" - - uses: actions/cache@v2 - id: yarn-cache - with: - path: ${{ steps.yarn-cache-dir-path.outputs.dir }} - key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} + - uses: actions/cache@v2 + id: yarn-cache + with: + path: ${{ steps.yarn-cache-dir-path.outputs.dir }} + key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} - - name: Build the binary - run: | - make bootstrap - make build + - name: Build the binary + run: | + make bootstrap + make build - - name: Test API - uses: ./.github/actions/integration-test - with: - args: ./test/api + - name: Test API + uses: ./.github/actions/integration-test + with: + args: ./test/api.sh - - name: Test CLI - uses: ./.github/actions/integration-test - with: - args: ./test/cli + - name: Test CLI + uses: ./.github/actions/integration-test + with: + args: ./test/cli.bats - - name: Test UI - uses: ./.github/actions/integration-test - with: - args: ./test/ui + - name: Test UI + uses: ./.github/actions/integration-test + with: + args: ./test/ui.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a0182c9b7..b51e7443c1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,29 +8,28 @@ jobs: pull: runs-on: ubuntu-latest steps: - - - uses: rez0n/actions-github-release@main - id: release - env: - token: ${{ secrets.GITHUB_TOKEN }} - repository: "markphelps/flipt" - type: "stable" - - - name: Verify Dockerhub - run: docker pull markphelps/flipt:${{ steps.release.outputs.release }} + - uses: rez0n/actions-github-release@main + id: release + env: + token: ${{ secrets.GITHUB_TOKEN }} + repository: "markphelps/flipt" + type: "stable" - - name: Verify GHCR - run: docker pull ghcr.io/markphelps/flipt:${{ steps.release.outputs.release }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.0.18 - with: - image-ref: 'docker.io/markphelps/flipt:${{ steps.release.outputs.release }}' - format: 'template' - template: '@/contrib/sarif.tpl' - output: 'trivy-results.sarif' + - name: Verify Dockerhub + run: docker pull markphelps/flipt:${{ steps.release.outputs.release }} - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: 'trivy-results.sarif' + - name: Verify GHCR + run: docker pull ghcr.io/markphelps/flipt:${{ steps.release.outputs.release }} + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.0.18 + with: + image-ref: "docker.io/markphelps/flipt:${{ steps.release.outputs.release }}" + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-results.sarif" + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-results.sarif" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 80b43ecc0a..04cd99ce74 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,8 +2,8 @@ name: Lint/Test on: push: paths-ignore: - - '*.md' - - '.all-contributorsrc' + - "*.md" + - ".all-contributorsrc" jobs: ## Lint @@ -33,31 +33,31 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - - uses: actions/setup-go@v2 - with: - go-version: '1.16.x' - - - id: go-cache-paths - run: | - echo "::set-output name=go-build::$(go env GOCACHE)" - echo "::set-output name=go-mod::$(go env GOMODCACHE)" - - - name: Go Build Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go-cache-paths.outputs.go-build }} - key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} - - - name: Go Mod Cache - uses: actions/cache@v2 - with: - path: ${{ steps.go-cache-paths.outputs.go-mod }} - key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} - - - name: Unit Test (SQLite) - run: go test -covermode=count -coverprofile=coverage.txt -count=1 ./... - - - name: Coverage - uses: codecov/codecov-action@v1 + - uses: actions/checkout@v2 + + - uses: actions/setup-go@v2 + with: + go-version: "1.16.x" + + - id: go-cache-paths + run: | + echo "::set-output name=go-build::$(go env GOCACHE)" + echo "::set-output name=go-mod::$(go env GOMODCACHE)" + + - name: Go Build Cache + uses: actions/cache@v2 + with: + path: ${{ steps.go-cache-paths.outputs.go-build }} + key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} + + - name: Go Mod Cache + uses: actions/cache@v2 + with: + path: ${{ steps.go-cache-paths.outputs.go-mod }} + key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} + + - name: Unit Test (SQLite) + run: go test -covermode=count -coverprofile=coverage.txt -count=1 ./... + + - name: Coverage + uses: codecov/codecov-action@v1 diff --git a/Dockerfile.it b/Dockerfile.it new file mode 100644 index 0000000000..812364b4a3 --- /dev/null +++ b/Dockerfile.it @@ -0,0 +1,23 @@ +FROM debian:stable-slim + +LABEL org.opencontainers.image.source="https://github.com/markphelps/flipt" + +RUN apt-get update && \ + apt-get install -y bats curl jq gnupg \ + # chromium dependencies + libgbm1 chromium chromium-l10n \ + # webkit dependencies + libwoff1 libopus0 libwebp6 libwebpdemux2 libenchant1c2a \ + libgudev-1.0-0 libsecret-1-0 libhyphen0 libgdk-pixbuf2.0-0 libegl1 libgles2 \ + libevent-2.1-6 libnotify4 libvpx5 libxslt1.1 + +RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ + echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list + +RUN curl -sL https://deb.nodesource.com/setup_12.x | bash + +RUN apt-get update && \ + apt-get install -y nodejs yarn && \ + apt-get clean -y + +EXPOSE 8080 diff --git a/test/api b/test/api.sh similarity index 100% rename from test/api rename to test/api.sh diff --git a/test/cli b/test/cli.bats similarity index 100% rename from test/cli rename to test/cli.bats diff --git a/test/ui b/test/ui.sh similarity index 100% rename from test/ui rename to test/ui.sh From f93e15a51548831a09cac9c673109a9a7415f74e Mon Sep 17 00:00:00 2001 From: Mark Phelps Date: Sat, 3 Jul 2021 10:23:16 -0400 Subject: [PATCH 2/2] Rm un-needed Dockerfile --- .github/actions/integration-test/Dockerfile | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 .github/actions/integration-test/Dockerfile diff --git a/.github/actions/integration-test/Dockerfile b/.github/actions/integration-test/Dockerfile deleted file mode 100644 index 4a7348e90a..0000000000 --- a/.github/actions/integration-test/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -FROM debian:stable-slim - -RUN apt-get update && \ - apt-get install -y bats curl jq gnupg \ - # chromium dependencies - libgbm1 chromium chromium-l10n \ - # webkit dependencies - libwoff1 libopus0 libwebp6 libwebpdemux2 libenchant1c2a \ - libgudev-1.0-0 libsecret-1-0 libhyphen0 libgdk-pixbuf2.0-0 libegl1 libgles2 \ - libevent-2.1-6 libnotify4 libvpx5 libxslt1.1 - -RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list - -RUN curl -sL https://deb.nodesource.com/setup_12.x | bash - -RUN apt-get update && \ - apt-get install -y nodejs yarn && \ - apt-get clean -y - -EXPOSE 8080